<p dir="ltr">Your build of syslog-ng seems to lack java support. It should be present in 3.7.x releases, but it also depends on who compiled them. Where did you get your binaries from?</p>
<p dir="ltr">BTW, someone builds syslog-ng docker images that has java support. You might try that to get through the initial hassles. Then later you may decide whether to use the docker in production or rather get a recent and properly built binary.</p>
<p dir="ltr">Bazsi</p>
<div class="gmail_quote">On May 27, 2016 10:16 AM, "Ivan Adji - Krstev" <<a href="mailto:akivanradix@gmail.com">akivanradix@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<font face="Helvetica, Arial, sans-serif">Thanks for the doc. I read
them and i have the following error:<br>
<br>
<b>Error parsing destination, destination plugin java not found in
/etc/syslog-ng/syslog-ng.conf at line 57, column 3:</b><b><br>
</b><b> java(<br>
<br>
</b>I have configure as follow:<br>
@version:3.7<br>
@include "scl.conf"<br>
@module mod-java<br>
<br>
<b></b></font>source s_sys {<br>
system();<br>
internal();<br>
network(ip(0.0.0.0) port(6514)<br>
flags(syslog-protocol)<br>
transport("tls")<br>
tls(key_file("/etc/syslog-ng/cert.d/serverkey.pem")<br>
cert_file("/etc/syslog-ng/cert.d/servercert.pem")<br>
ca_dir("/etc/syslog-ng/ca.d")<br>
) );<br>
<br>
};<br>
<br>
parser pattern_db {<br>
db-parser(<br>
file("/etc/syslog-ng/patterndb.d/patterndb.xml")<br>
);<br>
};<br>
<br>
destination d_es {<br>
java(<br>
class-path("/usr/lib64/syslog-ng/java-modules/*.jar:/usr/share/elasticsearch/lib/*.jar")<br>
class-name("org.syslog_ng.elasticsearch.ElasticSearchDestination")<br>
option("index", "syslog-ng_${YEAR}.${MONTH}.${DAY}")<br>
option("type", "test")<br>
option("cluster", "czpcluster")<br>
option("flush_limit", "100")<br>
option( "message_template", "$(format-json --scope rfc3164
--scope nv-pairs --exclude R_DATE --key ISODATE)\n")<br>
);<br>
};<br>
<br>
I have installed just Syslog-NG and Elasticsearch ? Do i need to
install somethign else ?<br>
<br>
<br>
<br>
<div>On 05/26/2016 04:53 PM, Szabó, István
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,<br>
<br>
For using syslog-ng together with elasticsearch and Kibana this
is a pretty good description, also giving you a good
understanding of what it enables you to do:<br>
<br>
<a href="https://czanik.blogs.balabit.com/2015/10/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/" target="_blank">https://czanik.blogs.balabit.com/2015/10/how-to-parse-data-with-syslog-ng-store-in-elasticsearch-and-analyze-with-kibana/</a><br>
<br>
<a href="https://czanik.blogs.balabit.com/2015/12/elasticsearch-and-syslog-ng-fast-and-simple/" target="_blank">https://czanik.blogs.balabit.com/2015/12/elasticsearch-and-syslog-ng-fast-and-simple/</a><br>
<br>
/Istvan<br>
<div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
<pre>______________________________________________________________________________
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a>
</pre>
</blockquote>
<br>
</div>
<br>______________________________________________________________________________<br>
Member info: <a href="https://lists.balabit.hu/mailman/listinfo/syslog-ng" rel="noreferrer" target="_blank">https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>
Documentation: <a href="http://www.balabit.com/support/documentation/?product=syslog-ng" rel="noreferrer" target="_blank">http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>
FAQ: <a href="http://www.balabit.com/wiki/syslog-ng-faq" rel="noreferrer" target="_blank">http://www.balabit.com/wiki/syslog-ng-faq</a><br>
<br>
<br></blockquote></div>